Use Transient to speed up WordPress

One of the features of WordPress is the ease of applying dropdown menus with access to posts & pages.

Applying menus in the header is a simply matter of including the following lines of code in header.php

wp_nav_menu(array(
‘items_wrap’ => ‘%3$s’,
‘depth’ => 3,
‘theme_location’ => ‘header-menu’,
‘container’ => false ));

However, this simple routine is pretty slow for complex or crowded menus and can result in a bottleneck as the page loads.
One solution is to cache the menus (which we presume chane infrequently), using WordPress’s “transient” command.

Effectively we test to see if we have a copy of the menu or whatever element in the cache.
If not, we add it to the cache, however if it does exist in the cache we grab it from there rather than creating it.

$cached_menu=get_transient(‘the_header_menu’);
if(false === $cached_menu){         
      $cached_menu =  wp_nav_menu(array( ‘items_wrap’ => ‘%3$s’, ‘depth’ => 3, ‘theme_location’ => ‘header-menu’, ‘container’ => false, ‘echo’ => false ));                 
set_transient(‘the_header_menu’, $cached_menu, 3600*5);    

    echo $cached_menu; 

 

Sample reset css file for web project

For developers working on projects, it can be frustrating to find odd and unexpected behaviour on the part of various html elements.

The best way to ensure you as the developer has complete control over all elements is to apply a base set of rules from which you can build your own set of rules.

Here is one example of a reset.css file that handle such instructions.

/* http://meyerweb.com/eric/tools/css/reset/
v2.0 | 20110126
License: none (public domain)
*/

html, body, div, span, applet, object, iframe,
h1, h2, h3, h4, h5, h6, p, blockquote, pre,
a, abbr, acronym, address, big, cite, code,
del, dfn, em, img, ins, kbd, q, s, samp,
small, strike, strong, sub, sup, tt, var,
b, u, i, center,
dl, dt, dd, ol, ul, li,
fieldset, form, label, legend,
table, caption, tbody, tfoot, thead, tr, th, td,
article, aside, canvas, details, embed,
figure, figcaption, footer, header, hgroup,
menu, nav, output, ruby, section, summary,
time, mark, audio, video {
margin: 0;
padding: 0;
border: 0;
font-size: 100%;
font: inherit;
vertical-align: baseline;
}
/* HTML5 display-role reset for older browsers */
article, aside, details, figcaption, figure,
footer, header, hgroup, menu, nav, section {
display: block;
}
body {
line-height: 1;
}
ol, ul {
list-style: none;
}
blockquote, q {
quotes: none;
}
blockquote:before, blockquote:after,
q:before, q:after {
content: ”;
content: none;
}
table {
border-collapse: collapse;
border-spacing: 0;
}

Recent updates to Google search results explained

FRED:   March 2017
The latest of Google’s confirmed updates, Fred targets websites that violate Google’s webmaster guidelines. The majority of affected sites are blogs with low-quality posts that appear to be created mostly for the purpose of generating ad revenue.

How to adjust: Review Google Search Quality Guidelines and watch out for thin content. If you show ads, make sure the pages they are found on are high-quality and offer relevant, ample information. This is basically it: Don’t try to trick Google into thinking your page is about something when it really is a gateway page full of affiliate links. Most publishers make money off ads, and that’s totally legit as long as you are not cheating.

 

POSSUM: September  2016
The Possum update ensured that local results vary more depending on the searcher’s location: the closer you are to a business’s address, the more likely you are to see it among local results. Possum also resulted in greater variety among results ranking for very similar queries, like “dentist denver” and “dentist denver co.” Interestingly, Possum also gave a boost to businesses located outside the physical city area.

How to adjust: Expand your keyword list and do location-specific rank tracking. Local businesses now need to be targeting more keywords than they used to, due to the volatility Possum brought into the local SERPs. As you check your rankings, make sure you’re doing this from your target location (or, better yet, a bunch of them). You can do this in Rank Tracker under Preferences > Preferred Search Engines. Click Add Custom next to Google. Next, specify your preferred location — you can make it as specific as a street address.

 

 

RANKBRAIN: October 26 2015
RankBrain is part of Google’s Hummingbird algorithm. It is a machine learning system that helps Google understand the meaning behind queries, and serve best-matching search results in response to those queries. Google calls RankBrain the third most important ranking factor. While we don’t know the ins and outs of RankBrain, the general opinion is that it identifies relevance features for web pages ranking for a given query, which are basically query-specific ranking factors.

How to adjust: Optimize content for relevance and comprehensiveness with the help of competitive analysis.

How risky are WordPress plugins

Risky, badly written plugins are the main way that attackers gain access to WordPress sites. Reducing your plugin security risk is one of the most important aspects of protecting your site. There are a number of things you can do to limit this risk.

Use as Few Plugins as Possible

You need to remember that every plugin you add to your site requires you to trust that the unknown person has written secure code, responses quickly to vulnerability reports and keeping your best interests in mind.

Only Download Plugins From Reputable Sites

If possible we recommend that you limit your plugin downloads to the official WordPress.org plugin directory. A great team of volunteers manages it, alongside a large community of users and security researchers helping out.

If you need to download a plugin from another site, you can use these tips to help determine whether the site is reputable:

  • The site should pass the “eye test”: professionally designed and using clear language to describe the plugin.
  • Look for a valid company name in the footer.
  • Terms of service and a privacy policy readily available.

Choose Reputable Plugins

The WordPress.org plugin directory makes it really easy to evaluate plugins by providing a nice summary that gives you almost everything you need. Here’s what we suggest you pay attention to:

  • The more recent the last update, the better.
  • Check the number of active installs the plugin has. Some reliable and useful plugins have low install numbers, but you should still examine a plugin carefully if it has a low install base (below 1,000 active installs). It may not be maintained.
  • It should be compatible with the current version of WordPress, though please note that immediately after a WordPress core release, a lot of reputable plugins will show a “Test up to:” value that is behind, as authors finish testing their plugin with the latest WordPress version.
  • The average plugin rating should be high enough to instill confidence. The higher the rating, the better, obviously.

You should also periodically review your installed plugins to make sure they have maintained their good standing.

Delete Plugins Immediately When You Stop Using Them

We have written at length about the fact that the best way to secure data is to get rid of it. The same concept applies to WordPress plugins: removing plugins reduces your risk.

Keep Your Plugins Up to Date

Security vulnerabilities are constantly being discovered in WordPress plugins. In many cases, the details of the vulnerability will be made public, meaning that the entire world is given the information necessary to exploit the security vulnerability. 

Many plugins like Wordfence include an auto-update feature. You should enable this in as many plugins as you can. For those for which you can’t, you should update to the latest version as soon as possible, especially if it includes a security fix.

Replace Abandoned and Removed Plugins

Have you ever started a project or hobby and gotten bored with it? That happens to WordPress plugin authors, too. In fact, it happens a lot.   Does that mean that they include a security vulnerability? Most likely not. What it does mean is that they represent a much higher risk than actively maintained plugins. We recommend that you not run plugins that haven’t been updated in over 2 years.

 

Modify the admin menu bar in WordPress

Recently we were asked by a client to simplify the presentation of the WordPress menu bar.

There are some nice plugins that you can use to achieve this such as “Admin Menu Editor Pro”.  This wonderful plugin offers lots of functionality, however, some of it’s best features are only available on the paid version of the site.

If you’re not in a position to buy a paid version, he is one way to manipulate the menu.
In this instance, the client had trouble remembering where to find the option to change the order of menu items on the front end of their site.  This is normally located at a submenu item of “appearance”.

We wanted to move it to the main menu so it would be easier to find  (less support for us).
So we added this routine to the “functions.php” file.

Please remember to back up this file before you every modify it, as even the slightest syntax error will cause your website to fail.

function change_menus_position() {

//   remove the menu item from the theme altogether
remove_submenu_page( ‘themes.php’, ‘nav-menus.php’ );

//  add it back to the main menu.
add_menu_page(
     ‘Menus’,
     ‘Menus’,
     ‘edit_theme_options’,
     ‘nav-menus.php’,
     ”,
     ‘dashicons-list-view’,
     68
     );
}

 

Questions to consider before building your website.

1) What do you want to the website to do for you?
Other than getting new customers what else do you want your website to do for you?

Do you want to save time and make it easier for customers to access information?  As such, should you include FAQ and downloadable resources.  It is to capture email accounts so you can market to them, as such do you need to integrate with Mailchimp or other email newsletter services.

Without actually knowing what you want your website to do for you, how can a developer offer a solution?  
Should you expect to be asked these questions.  I think so.

2) Should the web designer spend time learning about your business?Designing a website requires a lot of time upfront getting to know your business.  Getting to understand your target customers, their buying patterns, your competition, how you are different and/or better than your competition, and hence understanding your essential. 

 

3) How good is the web designer’s communication?
When choosing a web designer, you need to have a rapport.  You have to feel comfortable with them, feel like you can be critical and that they are committed to achieving your goals.   There are a lot of good designers around who simply can’t take criticism or are uncomfortable talking to business owners one on one.

4) Is the web developer able to generate traffic to the website.
It goes without saying that you need traffic to your website and get results online, so it is essential that you make sure the web designer you use has the SEO skills needed to draw traffic and convert that traffic to enquiries.ne.

 

5) Does the web designer know how to build a responsive website?
Google is penalises websites that aren’t mobile-friendly. So making sure your web designer creates your website with responsive design is absolutely necessary.

10) How much should it cost?
Price shouldn’t be the main determining factor when looking for a web designer. You can expect to pay for what you get. Good web design takes time, and that’s what you pay for – their time.  Cheap websites are cheap for a reason.  They look ok, but have not been designed for your purpose.  The cost increases significantly when you think of the opportunity cost.  You only paid $500 for your website, but it gets no enquiries, so it’s actually costing you thousands of dollars every month.

 

 

 

Displaying dates using PHP

tomorrow  = mktime(0, 0, 0, date(“m”)  , date(“d”)+1, date(“Y”));
last month = mktime(0, 0, 0, date(“m”)-1, date(“d”),   date(“Y”));
next year  = mktime(0, 0, 0, date(“m”),   date(“d”),   date(“Y”)+1);

Wednesday the 15th =  date(‘l \t\h\e jS’) 
Wednesday = date(“l”)

March 10, 2017 5:16 pm = date(“F j, Y, g:i a”);                
03.10.17 = date(“m.d.y”);                       
10, 3, 2017 = date(“j, n, Y”);                      
 20170310 = date(“Ymd”);                       

 

 

Why pay to maintain my website

So, you’ve created a fantastic website.  You spent a bit more than you initially wanted, but the end result is beyond your initial expectation too.  Having spent your money you now all you want to do is leave it to itself and forget about it for a while.

But, now the agency that designed the website are talking about a maintenance contract.  What exactly is that all about?

What is website maintenance made up of?
There are two types of website maintenance.  The one that I’m not referring to in this post is content maintenance.  A website is only as good as the content.  If you have nothing to say then don’t expect much traffic and as a result, too many enquires.   Live, organic, informative, changing, engaging content is key to Google success, which in turn leads to inquiries.

The second type of maintenance is software infrastructure, the core code that makes up your website and the plugins or additional scripts that makes your website stand out.  That’s the focus of this post.

Website maintenance.
Just like any software (Windows, Excel, Dreamweaver), the codebase needs to be routinely updated to support the latest hardware updates and to keep pace with new, more robust features.  The software that makes up your website is exactly the same.  
The most obvious example is security.  As your website dates, it becomes susceptible to malware and virus’.  Unless these vulnerabilities are managed your website could be compromised for significant periods and at great expense to fix.

The popular CMS ‘WordPress’ is particularly vulnerable because of its popularity.  The thing that makes it so popular (free to use) is the thing that makes it attractive to hackers.
Yes, you can get alerts when plugin updates are due, however, you need to test these updates to ensure they do not negatively impact your main website.

What does a contract include:
Framework updates to ensure that the very core of the website is operating efficiently.  You want to know that the code that underpins your website is not suffering from memory leaks or performance overloads.
This can only be done by a regular monitoring of the site. 
If left until an issue arises it can cause a noticeable disruption to performance (affecting your business) and a big chunk of time/money to resolve.

Plugin updates need to monitored very closely.  Free plugins are extremely attractive to developers because of the time saving the present, however free comes with a cost at some stage and that’s security and compatibility.  As updates are made available you can’t assume the new plugin will work seamlessly with the rest of your site.  Just as the old one was tested for compatibility, the new one should be too in order to avoid crippling your website.

Site Backups are part of most hosting agreements, but not all hosting agreements are created equally.  You don’t want to find that your site backups are only available for certain restore points, or that the database can be restored but not the files.  Before any plugin or core file updates, you need to know without hesitation that a backup is available to restore the working copy immediately if an update fails.

So what would an update involve
Typically we review your website once a month.  We check the speed and the loads it places on the server.  If we find issues we determine what is causing it and if it is website related we address those issues.
At the same time, we look at the core website software and make sure there are no alerts circulating about emerging vulnerabilities.  If we find any we schedule an update.
During the same review cycle we look for alerts affecting any plugins used on your site and if necesary we update or disable the plugin.  
If we have to disable a plugin we need to find an alternative solution (however this may involve additional costs beyond the standard contract).

If we find that an update to code is necessary, we do the following.

  • We make a complete backup of the site and it’s databases
  • We document what test we intend to conduct to ensure the plugin is working
  • We apply the plugin update (out of office time) and run the test
  • If anything goes wrong we do a complete restore and investigate what is required to do better update.

Site maintenance is a necessary precaution to making sure the website you developed to generate business enquires continues to meet it’s objectives.
It is not something you want to avoid.

 

 

 

 

Why upgrade WordPress if it’s working

Lots of customers we work with come to us because they have an outdated website that is based on the WordPress framework, whilst others come to us specifically requesting that we develop their site using WordPress.  Whether the site is an established site or a brand new one.  Making sure you the version of WordPress you’re using is critical to the success of your website.

I’m safe, no one would bother hacking my site.
It’s reasonable for customers to suspect that hackers only target corporate or government websites that handle sensitive financial or customer information such as credit card numbers and personal information. However, this simply is not the case.  Over the years a number of our clients with simple informational websites have been hacked by malicious software. Hackers write code that automatically scans the web and identifies vulnerabilities within websites running older, expired software. 

Sometimes the hackers are only doing it for vanity (look what I can do), other times its so they can use your website to transmit span across the internet using your email accounts. 

In rarer cases, hackers want to hold your website for ransom until you pay them with money – Bitcoin.

If you’re on a shared hosting server, they may be using your site as an indirect access to another site, but causing you disruption in the process

  • Hackers may want access to the server where your website is hosted, and by gaining access to your website, they may be able to extend their hack to the server and all the websites that are hosted on it.
  • Hackers may want to use your web account to send emails or host content hidden from view.
  • Hackers may use your website to promote products or illegal content by hiding links inside your code, even though you can’t see it, it still can boost their content within the web.

What should I do
If you’re using WordPress, it is critical that you keep your core code and plugins up to date. Always update to the newest releases, which often contain security patches.

Of course, this option only works reliably in WordPress as long as any customisation to the website theme or core functions was conducted by a competent WordPress practitioner.  If they simply hacked updated onto your website, upgrading to the latest version of WordPress, without backing up your code could be the worst option.

WordPress is built to alert you when updates to the cored (minor & major) updates are available.  It also provides this advice for its plugins.

Automated Plugins
For some people, being told that an upgrade is available is not enough.  They may be time poor or simply not interested.  Luckily there are free plugins to help with  hate

Easy Update Manager
There is also a very powerful plugin that allows you to automate the backup process.  The plugin lets you choose which plugins you do not want to update automatically.

UpdraftPlus Backups
This free plugin allows you to schedule backups of your website and offers you the opportunity to automatically back up your files and databases locally or externally (Dropbox, Amazon etc…..).

 

jquery conflicts – how to avoid

For those scripting developers who enjoy the flexibility of using jQuery to deliver front end solutions to their website users.

One common obstacle from developers who like to incorporate scripts from third parties are instances of on jQuery conflicts that cause the scripts to misfire or not run at all.

What tends to happen is that the original developer created their script in isolation.  Working in isolation and focusing on their task, they overlooked the fact that one day their script would be used in a setting that supported multiple jQuery scripts.

Because they were working in isolation, they referenced the jQuery session with a default of ‘$’
ie…    $(document).ready(function(){

Working in their own lab, this is fine, but if the next or previous script writer also used the same ‘$’ reference, both scripts will conflicit and stop working.

The work around
Give each individual session a unique name…. NOT ‘$’ 

var jq = $.noConflict();
jq(document).ready(function(){
    jq(“button”).click(function(){
        jq(“p”).text(“jQuery is still working!”);
    });
});